What is the CVSS score of CVE-2026-34708?

CVE-2026-34708 has a CVSS 3.1 base score of 7.8 (High). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of Adobe InCopy are affected by CVE-2026-34708?

Adobe InCopy versions 21.3 and earlier contain a stack-based buffer overflow vulnerability that enables arbitrary code execution when users open maliciously crafted documents.

How to fix or mitigate CVE-2026-34708?

Within 24 hours: Identify and inventory all systems running Adobe InCopy 21.3, 20.5.3, or earlier. Within 7 days: Implement document source validation policies restricting opening of unsolicited external files; conduct user training on document handling risks. Within 30 days: Contact Adobe for patching timeline; if patch unavailable, establish technical controls (air-gapping sensitive InCopy systems, disabling auto-load features, evaluating alternative document tools).

Adobe InCopy CVE-2026-34708

EUVD-2026-35785 HIGH

Stack-based Buffer Overflow (CWE-121)

2026-06-09 adobe

GHSA-xvhc-r5q4-hcgj

Stack Overflow Buffer Overflow RCE Incopy

7.8

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

7.8 HIGH

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Jun 09, 2026 - 18:53 vuln.today

DescriptionCVE.org

InCopy versions 21.3, 20.5.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

AnalysisAI

Stack-based buffer overflow in Adobe InCopy 21.3, 20.5.3 and earlier enables arbitrary code execution in the context of the logged-in user when a victim opens a maliciously crafted document. The flaw is locally exploitable via file-format parsing and requires user interaction, with no public exploit identified at time of analysis. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Craft malicious InCopy document

Delivery

Deliver via email or shared drive

Exploit

Victim opens file in InCopy

Execution

Trigger stack-based buffer overflow in parser

Persist

Hijack control flow via corrupted return address

Impact

Execute arbitrary code as current user

Access

Craft malicious InCopy document

Delivery

Deliver via email or shared drive

Exploit

Victim opens file in InCopy

Execution

Trigger stack-based buffer overflow in parser

Persist

Hijack control flow via corrupted return address

Impact

Execute arbitrary code as current user

Vulnerability AssessmentAI

Exploitation	Exploitation requires the victim to open a maliciously crafted InCopy document in a vulnerable version of Adobe InCopy (21.3 or 20.5.3 and earlier) - the attacker cannot trigger the bug remotely without that user action. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment	The CVSS 3.1 vector AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H describes a local attack requiring user interaction (opening a file) but no prior authentication or privileges on the target, with high impact across the CIA triad - a typical profile for client-side document-parsing bugs. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	An attacker emails a creative-team employee a 'draft revision' InCopy document, posing as an outside agency or freelance editor; when the employee opens the file in InCopy, the malformed structure triggers the stack overflow and runs attacker-chosen code as that user, enabling credential theft, document exfiltration from shared publishing repositories, or a foothold for lateral movement. No public exploit is identified at time of analysis, but the bug class (CWE-121 in a desktop parser with UI:R) is well within the capability of any actor experienced in document-based client-side exploitation.
Remediation	Apply the vendor-released patches referenced in Adobe Security Bulletin APSB26-59 (https://helpx.adobe.com/security/products/incopy/apsb26-59.html) - upgrade InCopy 21.x to the fixed release listed in that bulletin and the 20.x branch to a version newer than 20.5.3. … Detailed patch versions, workarounds, and compensating controls in full report.